Meta Faces Lawsuit due to the Scraping of Patient Records from Hospital Web Pages

Meta is confronting a legal action alleging the social media company is knowingly getting patient data from hospital web pages by means of the Meta Pixel tracking application, and as a result has committed the privacy violation of millions of individuals.

The lawsuit was filed in the U.S. Northern District of California and states violations of state and federal government rules associated with the acquisition of patient details without permission. Last week, The Markup/STAT’s report on research regarding the 100 leading hospitals in the U.S.A. showed that a third employed the Meta Pixel code on their sites. The Meta Pixel tool is a bit of JavaScript code that is utilized to keep tabs on visitor behavior on websites, for example, the buttons they click and the choices they pick from dropdown menus. If the tool is integrated on healthcare organizations’ websites, it’s likely for the tool to send protected health information (PHI) to Meta/Facebook, for instance, IP address, whenever a patient has reserved a consultation and any details picked from menus, for instance, the health condition that the consultation is about.

The study found 7 hospital systems that had integrated Meta Pixel on their patient sites behind password security and the tool was transferring sensitive information for example patient ailments, which may be connected to the patients by means of their IP addresses. The research did not get any proof that Meta had signed a business associate agreement with the healthcare providers. There was likewise no permission to disclose patient information with Meta acquired from patients by the medical centers and healthcare networks that employed Meta Pixel.

The lawsuit was submitted on behalf of patient John Doe, who uses Facebook as well as a Maryland-based Medstar Health System patient. The plaintiff stated he utilizes the patient site for booking appointments, sending messages to providers, and checking laboratory examination results, and didn’t authorize the sharing of data with Meta/Facebook. Medstar Health mentioned all patient details are safe and it doesn’t employ any Facebook/Meta tech on its web pages. As per the lawsuit, no less than 664 healthcare systems in America have incorporated the Meta Pixel tool into their sites, which transmits sensitive information to Meta.

Meta claims on its site that whenever Meta’s signals filtering process finds Business Tools data that is classified as likely sensitive health-associated data, the filtering system is made to keep that information from being taken into our ads ranking and optimization models. Nonetheless, the lawsuit asserts that regardless of knowingly obtaining health-connected data from medical companies, Facebook failed to do anything to impose or verify its requirement that healthcare providers get enough authorization from patients prior to sharing patient data with Facebook. The legal action claims the usage of the tool on hospital web pages without acquiring permission violates the Health Insurance Portability and Accountability Act (HIPAA), as the information is obtained with no business associate agreement. It should be mentioned that HIPAA Rules do not limit Meta/Facebook; nonetheless, the hospitals that use the tool may violate HIPAA by disclosing the data with no authorization.

The lawsuit states a violation of the duty of good faith and fair dealing, and not complying with federal and state legislation, which include the federal Electronic Communications Privacy Act, Unfair Competition Law, and California’s Invasion of Privacy Act. The lawsuit wishes punitive and compensatory damages, class-action status, and attorneys’ service fees.

This isn’t the first legal action to be filed against Facebook due to the acquisition of details from hospital sites. The same lawyers got a case against Facebook sacked in 2018 – Smith et al v. Facebook – about the gathering of browsing information from hospital web pages. The judgment was upheld by the U.S. Court of Appeals for the 9th Circuit, which decided that the plaintiffs cannot file a case against Facebook because they had accepted Facebook’s contract terms.

Reclaim the Net obtained a copy of the legal case and shared it on this page.